Slashdot Mirror
Mariposa Botmasters Sought Real Jobs After Arrest
An anonymous reader writes "Two of the three Spanish men arrested in February for their alleged role in operating the massive Mariposa botnet later sought jobs at the Spanish security firm that previously had helped get them arrested. From Krebsonsecurity.com: 'Corrons, a technical director and blogger for Spanish security firm Panda Security, said he received a visit from the hackers on the morning of March 22. The two men, known by the online nicknames "Netkairo" and "Ostiator," were arrested in February by Spanish police for their alleged role in running the "Mariposa" botnet, a malware distribution platform that spread malicious software to more than 12 million Internet addresses from 190 countries (mariposa is Spanish for "butterfly"). Now, here the two Mariposa curators were at Panda's headquarters in Bilbao, their resumes in hand, practically begging for a job, Corrons said.' The story concludes with a brief response from Netkairo, who acknowledges seeking the job at Panda because he is broke now that his moneymaking machine has been dismantled."
What about Kevin Mitnick? He is making a living by switching his hat from black to white, and no one had a problem with that. It would seem that Panda might do better having a few people who know how to make malware so successfully. The question, of course, is "can you trust them?" and only they can answer that.
What did you expect the guys to do for jobs, flip burgers? Become stock brokers? Of course they would pursue careers in security. It seems they must know a fair amount about it to get away with so much, for so long. They certainly know more than someone coming straight from a CS degree.
Tequila: It's not just for breakfast anymore!
...Then a life of crime is all that awaits. It's easy to say you have high standards shutting potentially talented people out of your organization, but no one should be surprised if those people turn to illegitimate activities again.
And all our yesterdays have lighted fools The way to dusty death. --Will
But there's a big difference between giving someone a second chance and giving them whatever job they want. These guys have already proven that they have some severe ethical problems. That can limit the roles in which a company is willing to let them work. As an example: Would you be ok with these guys working on the database that contains your credit card number, or bank account details? If not then perhaps you can understand why a company wouldn't want them in certain roles.
So while I'm not saying "Screw them, they should have to beg for food for life," I think they need to accept that they aren't going to be able to be computer security professionals, at least not for some time. Perhaps they need to look at careers away from computers entirely. However if they are staying in the computer field, they are probably going to have to look at jobs that don't involve access to much, maybe helpdesk type positions. Kinds sucks but that's life.
Trust isn't the kind of thing that you can just get back once you've destroyed it. It takes time to rebuild. They are going to need to spend time working honestly to show that indeed they have learned their lesson and can act in an ethical manner. They can't expect to get a job with access to potentially sensitive data straight off, even if their technical skills are top notch (and I question if that's the case).